Information Disclosure Vulnerability in MiVoice Connect by Mitel
CVE-2023-39291

4.9MEDIUM

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 25 August 2023

What is CVE-2023-39291?

A vulnerability exists in the Connect Mobility Router component of MiVoice Connect that could enable authenticated attackers with elevated permissions to execute an information disclosure attack. This vulnerability is linked to improper configuration within the system, which, if successfully exploited, could expose critical system information. Users of MiVoice Connect version 9.6.2304.102 are advised to review system configurations and apply necessary mitigations to safeguard against potential data breaches.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2023
Vulnerability Reserved
Jul 27, 2023